How to spot a scam email
Over half of all global emails are spam, but can you spot them? This information security tips video will show you how to spot and deal with spam emails.
So, do you get suspicious emails that you’re unsure about? Wondering whether it’s safe to open them or not?
This information security tips video will give you some simple awareness tips to help you spot and deal with scam emails.
Spam has changed
Over half of all global email is spam. Spam used to be mainly about selling healthcare and adult services. Historically, only about 10% of spam was scams, malware or phishing attempts.
That’s all changed!
By the end of 2016, according to IBM, nearly half of all spam contained a malicious attachment, most of it dangerous ransomware.
How should you protect yourself?
Well, clearly technology can help.
Always enable your spam filter. Help it learn by marking any suspicious emails as ‘junk’, and when you get a false positive – a genuine email that isn’t spam – mark it as not being ‘spam’.
In a company context, there are software products and monitoring services that reduce much of the end-user involvement and hassle. Use them!
But some spam will always get through. The only way to really protect yourself is by knowing what to look out for and how to react.
Fortunately, this is mostly common sense.
What to look out for
Rule number one. Always trust your instincts. If something doesn’t feel right, then don’t do it.
That said, what are the common things to look out for? Some scammers’ traits are easily spotted.
- Spam email is generated in overwhelming quantities. Most spam is not targeted at you personally.
- Genuine email from reputable organisations is carefully written, edited and proofread before it’s ever sent. Not so with spam. Scammers usually steal the graphic elements – logos and the like – from the companies that they impersonate. But they pay far less attention to the email wording.
- Scam emails are often poorly written. They may be littered with misspellings, use bad grammar and be poorly laid-out visually.
- A common tell-tale sign is the lack of personalisation. For example, if you receive an email apparently from your bank, or a company that you have an account with – say a utility company, or an online retailer, you would expect them to address you by either your first name or your proper salutation. Most harvested or stolen email addresses don’t come with names, so the salutation field is often left blank, or just contains a comma.
What is the aim of a scam email?
Scam emails usually adopt social engineering techniques, trying to trick you into doing one of two things:
- Reveal sensitive or confidential information. This might be personal information to build up a synthetic profile on you – as a precursor to identity theft.
- Click on a link to visit a malicious website or download and install malware. Most phishing is used to install persistent malware onto the victim’s computer.
Social engineers try to manipulate your emotions, good or bad.
Scam emails usually prey on fear and greed, as well as nobler emotions, say seeking your support for a worthy cause. This is where you should trust your instincts. If this email was from a legitimate organisation, would it use the same emotive language?
If it seems too good – or too bad – to be true, then it’s probably a scam.
What do you do if you’re suspicious about an email?
Let’s say you receive a suspicious email, with a subject of interest. It’s apparently from a legitimate source, but you’re unsure. What should you do?
- Check the sender’s address – many spam emails use a compromised address.
- Check the salutation – have they got it right?
- Hover – don’t click – over any links – is it trying to send you to a misleading link?
- If it doesn’t check out – just mark it as spam – delete it – move on with the rest of your day.
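The checks in the list above (sender's address, salutation, where a link really goes), run automatically over one message. This is an added example, not part of the original video or page; the sample message, the `.test` domains, the `expected_domains` parameter and the no-name greeting pattern are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message, not a real email; every name and domain is made up.
SAMPLE = """\
From: "Example Bank" <alerts@mail-examplebank.test>
Content-Type: text/html; charset="utf-8"

<p>Dear ,</p>
<p>Verify now: <a href="http://login.example-verify.test/s">https://www.examplebank.test/login</a></p>
"""
# Assumed pattern for a greeting with no name: "Dear ,", a bare comma, "Dear customer".
NO_NAME = re.compile(r"(dear|hello|hi)?\s*(customer|user)?\s*[,:]?", re.I)
class Body(HTMLParser):  # collects (enclosing href or None, visible text) chunks
    def __init__(self):
        super().__init__()
        self.chunks, self.href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
    def handle_endtag(self, tag):
        self.href = None if tag == "a" else self.href
    def handle_data(self, data):
        if data.strip():
            self.chunks.append((self.href, data.strip()))

def host(url):  # host of a URL or bare domain, lower-cased, without a leading "www."
    name = urlparse(url if "//" in url else "//" + url).hostname or ""
    return name.removeprefix("www.")

def triage(raw, expected_domains):
    """Return the warning signs found in one raw HTML email."""
    msg = message_from_string(raw, policy=policy.default)
    body = Body()
    body.feed(msg.get_body(preferencelist=("html", "plain")).get_content())
    flags = []
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if domain not in expected_domains:
        flags.append(f"sender domain {domain} is not one you expect")
    if body.chunks and NO_NAME.fullmatch(body.chunks[0][1]):
        flags.append("salutation is blank or generic")
    for href, shown in body.chunks:
        # The hover check: visible text that looks like a web address but points elsewhere
        is_url = href is not None and re.match(r"(https?://|www\.)", shown, re.I)
        if is_url and not ("." + host(href)).endswith("." + host(shown)):
            flags.append(f"link shows {host(shown)} but goes to {host(href)}")
    return flags
```

Calling `triage(SAMPLE, {"examplebank.test"})` returns three flags, one per check; a message from the expected domain with a named greeting and a link to the same site or a subdomain of it returns none.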
But say you’re still unsure? Perhaps you do business with this organisation, and you’re worried that something is wrong?
- Don’t click on any links in the email.
- Never open any attachments.
- Don’t call any numbers in the email.
- Locate the company’s official website or customer services number via a search engine or from official correspondence.
- Call them and ask if it’s genuine. Chances are it’ll be a scam email.
Clearly this only scratches the surface of the problem.
For more information security explainer videos subscribe to the CHL YouTube channel. https://www.youtube.com/channel/UCthdDUWBZrmnTOkmxwm5HKw?view_as=subscriber